From: guangxingwang <gw1218@att.com>
Date: Wed, 21 Feb 2018 15:22:12 +0000 (-0600)
Subject: Fix Fortify Log Forging Issue
X-Git-Tag: v1.2.0~126^2
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=policy%2Fengine.git;a=commitdiff_plain;h=4cee34f2eb3a1a57556f818bf1d107723b1ba7b8

Fix Fortify Log Forging Issue

Fix Fortify log forging issue by removing properties info from logging.

Issue-ID: POLICY-544
Change-Id: I6e7d39abe18698f864564844963d7bbddedd2e3b
Signed-off-by: guangxingwang <gw1218@att.com>
---

diff --git a/ONAP-XACML/src/main/java/org/onap/policy/xacml/std/pap/StdEngine.java b/ONAP-XACML/src/main/java/org/onap/policy/xacml/std/pap/StdEngine.java
index 4399f715f..273383ae6 100644
--- a/ONAP-XACML/src/main/java/org/onap/policy/xacml/std/pap/StdEngine.java
+++ b/ONAP-XACML/src/main/java/org/onap/policy/xacml/std/pap/StdEngine.java
@@ -320,7 +320,7 @@ public class StdEngine extends StdPDPItemSetChangeNotifier implements PAPPolicyE
 		// If it exists already
 		//
 		if (Files.exists(groupPath)) {
-			logger.warn(addGroup + id + " directory exists" + groupPath.toString());
+			logger.warn(addGroup + id + " directory exists");
 		} else {
 			try {
 				//
@@ -338,7 +338,7 @@ public class StdEngine extends StdPDPItemSetChangeNotifier implements PAPPolicyE
 
 		Path policyProperties = Paths.get(groupPath.toString(), "xacml.policy.properties");
 		if (Files.exists(policyProperties)) {
-			logger.warn(addGroup + id + " file exists: " + policyProperties.toString());
+			logger.warn(addGroup + id + " file exists");
 		} else {
 			Properties props = new Properties();
 			props.setProperty(XACMLProperties.PROP_REFERENCEDPOLICIES, "");
@@ -359,7 +359,7 @@ public class StdEngine extends StdPDPItemSetChangeNotifier implements PAPPolicyE
 		Path pipProperties = Paths.get(groupPath.toString(), "xacml.pip.properties");
 		Properties props = new Properties();
 		if (Files.exists(pipProperties)) {
-			logger.warn(addGroup + id + " file exists: " + pipProperties.toString());
+			logger.warn(addGroup + id + " file exists.");
 		} else {
 			try {
 				props = setPIPProperties(props);